Monday, 2018-03-05

*** egonzalez has joined #openstack-kayobe07:16
*** egonzalez has quit IRC08:41
*** egonzalez has joined #openstack-kayobe08:46
*** egonzalez has quit IRC08:58
*** ktibi has joined #openstack-kayobe09:10
*** mgoddard_ has joined #openstack-kayobe09:27
ktibimgoddard, Hi mark, do you know if kolla or kayobe can config the iptables of host ?09:43
ktibibecause for now, I have a lot of open ports on my ctrl or compute :/09:44
mgoddard_ktibi: hi, neither kolla nor kayobe supports iptables currently09:45
ktibihow do you fix your firewall ?09:46
mgoddard_manually currently09:46
ktibiok ^^09:55
ktibimaybe can add to kayobe the conf of firewall ?09:55
mgoddard_we've considered it10:01
mgoddard_the problem is that people use different tools to do firewall config, and they don't always work together10:02
mgoddard_plus it requires knowledge of services deployed by kolla, which really belongs in kolla-ansible10:02
*** egonzalez has joined #openstack-kayobe10:50
*** ktibi_ has joined #openstack-kayobe11:11
*** ktibi has quit IRC11:12
*** ktibi_ is now known as ktibi13:13
*** mgoddard has quit IRC15:00
*** mgoddard has joined #openstack-kayobe15:02
ktibimgoddard, do you have idea how can we add a custom CA in image during the build ?15:55
mgoddard_ktibi: custom image header/footers?15:55
ktibi^^ no docker image with kolla-build :p15:56
ktibiho yes :)15:56
mgoddard_no docker image?15:56
ktibiI thought you were talking about image like jpg ^^15:56
ktibiok great, can I use a generic block for add on all image ?15:57
ktibiworks ?15:58
ktibiok, I added custom dockerfile for horizon (add designate dashboard), I did't see that :p15:59
mgoddard_most images have <image>_header and <image>_footer blocks that you can override, the kayobe config is just a bit of magic to define them in yaml15:59
mgoddard_yeah, it's fairly flexible16:00
ktibivery good :)16:00
ktibiI work on SSL on internal network16:00
mgoddard_you don't have a trusted CA?16:01
ktibiadd CA in image, change internal_protocol to https for API, config rabbitMQ for SSL and we good I think16:01
egonzalezktibi, copy the CA image will require the usage of a COPY in dockerfile, which will need the CA in the same folder as the dockerfile16:02
mgoddard_egonzalez: that's true16:02
egonzalezktibi, if possible use a curl or something to retrieve it from some other place16:03
egonzalezwill be easier to maintain16:03
ktibiegonzalez, yep, thx for tips.16:04
mgoddard_ktibi: sorry...
ktibiegonzalez, mgoddard_ I think kolla doen't need  a lot of modif for SSL on internal16:06
ktibigoodbye github T_T16:06
mgoddard_ktibi: depends on the use case, there will probably be lots of corner cases that are hard to find16:07
mgoddard_I'm sure you could get it to work for a specific environment though16:07
ktibiFor me, API is easy, just rabbitmq more complex :/16:08
*** egonzalez has quit IRC16:10
ktibimgoddard_, did you go to PTG ?16:18
mgoddard_ktibi: yes I did. It was a good week16:19
ktibicold week? ;p16:19
mgoddard_Very cold16:19
mgoddard_Was stranded in dublin over the weekend!16:19
ktibiyes same in france this week16:20
ktibiat TV, they call that : moscou wave16:20
mgoddard_we called it 'the beast from the east'16:21
ktibibut you re used to being cold in UK no ?16:24
mgoddard_not that cold...16:25
mgoddard_ktibi: if you're doing TLS, you may be interested in this:
*** mgoddard_ has quit IRC17:45
*** ktibi has quit IRC18:14

Generated by 2.15.3 by Marius Gedminas - find it at!